Abstract. Logic can be made useful for programming and for databases
independently of logic programming. To be useful in this way, logic has to
provide a mechanism for the definition of new functions and new relations
on the basis of those given in the interpretation of a logical theory. We
provide this mechanism by creating a compositional semantics on top of
the classical semantics. In this approach, verification of computational
results relies on a correspondence between logic interpretations and a
class definition in languages like Java or C++. The advantage of this
approach is the combination of an expressive medium for the programmer
with, in the case of C++, optimal use of computer resources.

Keywords First-order predicate logic, compositional semantics, relations, recur-

1 Introduction

"What can logic do for programming?" This question could have been asked 
as early as 1950 when it was first noticed that valuable time on one of the few 
computers had been wasted due to a programming error. The question has not 
been used as a starting point in the development of programming languages. 
When logic was connected for the first time with programming it was in the 
form of logic programming, arising as a special form of automatic theorem- 
proving with the resolution inference rule. Given that many alternatives need to 
be excluded before arriving at logic programming, it is likely that it is not the 
whole answer to the question of what logic can do for programming. To make 
sure that we don't prematurely exclude interesting possibilities, let us see how 
far we can get without any inference rule. On the other hand, in this paper we do 
not try to do everything, so we restrict the scope of "logic" to mean first-order 
predicate logic. 

A good starting point for the use of logic for programming is that logic 
formulas have symbols that are interpreted as functions or as relations. On the 
programming side we note that code is organized into subroutines, which can 
take the form of procedures or function subroutines. A desirable property of 
subroutines is that they are free from side-effects: that function subroutines 
only interact with their environment by delivering a result and procedures only 
do so by modifying one or more parameters. Our approach to programming in 
logic relies on a correspondence between such side effect-free subroutines on the 
one hand and functions or relations in interpretations of logic theories on the 
other. 



Most of a programmer's work consists of writing new subroutines in terms 
of existing ones. To be useful for programming, logic has to provide a mecha- 
nism for defining new functions and relations in terms of existing ones. It may 
seem that the semantics of logic does not provide such a mechanism. However, 
this problem is solved by reformulating the classical semantics as compositional 
semantics. In compositional semantics the meaning of a composite syntactic con- 
struct is defined as a combination of the meanings of the constituent parts of 
the construct. In this way we obtain a meaning assigned to a term with vari- 
ables. This meaning is a function. We also obtain a meaning assigned to a formula
with free variables. This meaning is a relation. Compositional semantics makes
any term and formula with (free) variables available for the definition of a new 
function or relation. 

What do we do with this definition mechanism? To go beyond a theoretical 
exercise there needs to be a way to get a computer program verified in some way 
by a specification in logic. 

Let us consider interpretations for a theory of logic. Classical examples are 
theories for commonly used structures of algebra, such as monoids, groups, rings, 
and fields. For each of these, the axioms are formalized as a theory of logic. A 
given algebraic structure is then by definition a monoid, group, ring, or field 
according to whether it satisfies, in the sense of model theory, the defining logical 
theory. Although these theories and this methodology were established before 
the birth of computers, it is a topic of current research to establish a link between 
them and efficient implementations of algorithms [3].

An interpretation for a theory T consists of a universe of discourse D, a func- 
tion over D as interpretation for every function symbol in T, and a relation over 
D for every relation symbol in T. A properly structured program consists almost 
entirely of definitions of function subroutines and of procedures. In a language 
like Java or C++ classes are used to organize function subroutines and proce- 
dures into meaningful groups. This suggests to us that the desired connection 
between logic and the operation of a computer can be made by writing a class 
in such a way that it is sufficiently similar to an interpretation of a logic theory 
that the behaviour of the (side-effect free) subroutines of the class is described by
the corresponding function or relation symbol of the theory. Although classes are 
used, this is not object-oriented programming, where side-effects of subroutines 
are not merely regrettable lapses, but constitute the essence. 

To illustrate how this correspondence between a logical theory and a class 
can be used consider the following example. Let the theory consist of the ax- 
ioms for Euclidean domains in the sense of abstract algebra. The constants are 0
and 1 for the additive and multiplicative identities. The function symbols are
those for addition, multiplication, and subtraction. The integers are the most 
familiar example. Especially interesting are the ones leading to a finite universe 
of discourse, such as the modular numbers. To be specific, consider a C++ class 
that emulates an interpretation for the axioms for Euclidean domains by having 
instances named zero and one and subroutines for addition, multiplication, and 
subtraction. Let us add to the theory for Euclidean domains a relation symbol 



gcd such that gcd(a, b, c) holds iff c is the greatest common denominator of a 
and b. The definition can be made to correspond to a C++ procedure using an 
implementation of the C++ class for Euclidean domains. Such a procedure is a 
program for a computer on which C++ is implemented. Because the procedure 
relies on the C++ class, the correctness of the implementations of addition, mul- 
tiplication, and subtraction of the Euclidean domain class imply correctness of 
the implementation of gcd. 

Plan of the paper As preparation for compositional semantics of logic, and to
establish terminology and notation, we begin with two reviews: material on re-
lations in Section 2 and on model-theoretic semantics in Section 3. Much of this
material is standard, but some concepts, such as the quotient of one function
by another, are rarely found in the literature. This particular one is crucial to
the paper. The basic observation underlying our definitions of relations is that
any formula defines a relation as the set of tuples that, when assigned to the
tuple of free variables, makes the formula true, given a fixed interpretation of
function and relation symbols. In this way formulas denote relations; we call this
the compositional semantics of logic. It is the topic of Section 3.2. In Section 4
we apply the compositional semantics to the introduction of new function and
relation symbols and define their interpretations. This section does not treat the
recursive case, which is the topic of Section 5. In Section 6 we discuss the design
of a C++ class so that it can be regarded as a specification of an interpretation
for a given theory.

2 Notation and terminology for functions and relations 

Not all authoritative texts agree on the notations of set theory needed in this 
paper. We also need some concepts that are usually not covered in introductions 
like the present one. Therefore we collect in this section the necessary material, 
terminology and notation. 

Functions The set of functions that take arguments in a set $S$ and have values
in a set $T$ is denoted $S \to T$. This set is said to be the type of a function
$f \in (S \to T)$. We write $f(a)$ for the element of $T$ that is the value of $f$ for
argument $a \in S$; $f(a)$ may also be written as $f_a$. If an expression $E$ with a single
free variable $x$ is used to define the values of $f \in (S \to T)$, then the mapping of
$f$ is $(a \in S) \mapsto E[a]$.

If $S' \subseteq S$, then the projection (or restriction) $f|S'$ of $f \in S \to T$ on $S'$ is
the function in $S' \to T$ such that $(f|S')(a) = f(a)$ for all $a \in S'$.

Suppose we have $f \in S \to T$ and $g \in T \to U$. Then the composition $g \circ f$
of $f$ and $g$ is the function $h \in S \to U$ defined by $x \mapsto g(f(x))$. Suppose now
that we are given $f \in S \to T$ and $h \in S \to U$; is there a $g \in T \to U$ such that
$h = g \circ f$? The answer, depending on $f$ and $h$, may be that there is no such $g$,
or one, or more than one. We therefore define $h/f$, the quotient of $h$ by $f$, to be
$\{g \in T \to U \mid g \circ f = h\}$.



Tuples Often an $n$-tuple over a set $D$ is thought of as an object $(d_0, \ldots, d_{n-1})$
in which an element of $D$ is associated with each of the indexes $0, \ldots, n-1$. It
is convenient to view such a $d$ as a function of type $\{0, \ldots, n-1\} \to D$. This
formulation allows us to consider tuples of which the index set is a set other
than $\{0, \ldots, n-1\}$. Hence we define a tuple as an element of the function set
$I \to T$, where $I$ is an arbitrary countable set to serve as index set. $I \to T$ is the
type of the tuple.

Example If $t$ is a tuple in $\{x,y,z\} \to \mathbb{R}$, then we may have $t_x = 1.1$, $t_y =
1.21$, and $t_z = 1.331$. A more compact notation would be welcome; we use

    t :  x     y      z
         1.1   1.21   1.331

where the order of columns is immaterial.



Example $t \in \{0,1,2\} \to \{a,b,c\}$, where

    t :  2   1   0
         c   c   b

In cases like this, where the index set is of the form $\{0, \ldots, n-1\}$, we use the
compact notation $t = (b,c,c)$, using the conventional order of the index set.



Relations A relation is a set of tuples with the same type. This type is the type
of the relation.

Example $sum = \{(x,y,z) \in (\{0,1,2\} \to \mathbb{R}) \mid x + y = z\}$ is a relation of type
$\{0,1,2\} \to \mathbb{R}$. Compare this relation to the relation
$\sigma = \{s \in (\{x,y,z\} \to \mathbb{R}) \mid s_x + s_y = s_z\}$. As their types are different, they are
different relations; $(2,2,4) \in sum$ is not the same tuple as $s \in \sigma$ where

    s :  x   y   z
         2   2   4

Definition 1. If $r$ is a relation with type $I \to T$, then the projection $\pi_{I'}(r)$ of
$r$ on $I' \subseteq I$ is

$\{f' \in I' \to T \mid \exists f \in r.\ (f|I') = f'\}$.

If $r_0$ and $r_1$ are relations with types $I_0 \to T$ and $I_1 \to T$, respectively, then
the join $r_0 \bowtie r_1$ of $r_0$ and $r_1$ is

$\{f \in (I_0 \cup I_1) \to T \mid (f|I_0) \in r_0 \text{ and } (f|I_1) \in r_1\}$.

Definition 2. Let $H \subseteq (S \to U)$ be a relation and let $f \in S \to T$ be a tuple.
Then the quotient $H/f$ of $H$ by $f$ is defined as the relation $\bigcup\{h/f \mid h \in H\}$ of
type $T \to U$.

Example With $S = \{0,1,2\}$, $U = \mathbb{R}$, $T = \{x,y\}$, $sum = \{h \in \{0,1,2\} \to \mathbb{R} \mid
h_0 + h_1 = h_2\}$, and $f = (x,x,y)$ we have

$sum/(x,x,y) = \{s \in \{x,y\} \to \mathbb{R} \mid s_y = 2 s_x\}$.

Here quotient on relations is used to define on the basis of the sum relation the 
relation indexed by {x, y} in which the argument indexed by y is double the one 
indexed by x. 
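The projection, join and quotient operations of this section, as an added C++ example that is not code from the paper: a tuple is a map from index names to values, a relation is a set of such tuples, and the universe is a constructed finite domain $D = \{0, \ldots, 4\}$ so that the sum relation and its quotient by $(x,x,y)$ can be enumerated. The quotient also handles the general case in which the new index set $T$ has names that $f$ does not hit; those components are unconstrained and range over all of $D$, which is why a finite domain is needed. All type and function names are chosen for this example.

```cpp
// Added example (not from the paper): relations over a constructed finite domain
// with the projection, join and quotient operations of Definitions 1 and 2.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

using Index = std::string;            // index names: variable names or "0", "1", ...
using Tuple = std::map<Index, int>;   // a tuple is a function Index -> D
using Relation = std::set<Tuple>;     // a relation is a set of tuples of one type

static const int DOMAIN_SIZE = 5;     // constructed finite universe D = {0,...,4}

// Definition 1: projection of r on the index subset keep (I').
Relation project(const Relation& r, const std::set<Index>& keep) {
    Relation out;
    for (const Tuple& f : r) {
        Tuple g;
        for (const Index& i : keep) g[i] = f.at(i);
        out.insert(g);
    }
    return out;
}

// Definition 1: join of r0 and r1; a pair contributes only if it agrees on shared indexes.
Relation join(const Relation& r0, const Relation& r1) {
    Relation out;
    for (const Tuple& f0 : r0)
        for (const Tuple& f1 : r1) {
            Tuple g = f0;
            bool ok = true;
            for (const auto& [i, v] : f1) {
                auto it = g.find(i);
                if (it == g.end()) g[i] = v;
                else if (it->second != v) { ok = false; break; }
            }
            if (ok) out.insert(g);
        }
    return out;
}

// Definition 2: quotient H/f, with f : S -> T given as a map from the indexes of H
// to names in T. A tuple h contributes every g with g(f(i)) = h(i) for all i in S;
// such g exists only if h agrees on indexes that f sends to the same name, and
// names of T outside the image of f are free, so they range over all of D.
Relation quotient(const Relation& H, const std::map<Index, Index>& f,
                  const std::set<Index>& T) {
    Relation out;
    for (const Tuple& h : H) {
        Tuple g;
        bool consistent = true;
        for (const auto& [i, name] : f) {
            auto it = g.find(name);
            if (it == g.end()) g[name] = h.at(i);
            else if (it->second != h.at(i)) { consistent = false; break; }
        }
        if (!consistent) continue;
        std::vector<Tuple> partial{g};          // extend g over the free names of T
        for (const Index& name : T) {
            if (g.count(name)) continue;
            std::vector<Tuple> next;
            for (const Tuple& p : partial)
                for (int d = 0; d < DOMAIN_SIZE; ++d) { Tuple q = p; q[name] = d; next.push_back(q); }
            partial.swap(next);
        }
        out.insert(partial.begin(), partial.end());
    }
    return out;
}

// sum = {h in {0,1,2} -> D | h0 + h1 = h2}, restricted to the finite D.
Relation sumRelation() {
    Relation r;
    for (int a = 0; a < DOMAIN_SIZE; ++a)
        for (int b = 0; b < DOMAIN_SIZE; ++b)
            if (a + b < DOMAIN_SIZE) r.insert(Tuple{{"0", a}, {"1", b}, {"2", a + b}});
    return r;
}

// sum/(x,x,y): the tuples s in {x,y} -> D with s_y = 2 s_x, as in the example above.
Relation doubling() {
    return quotient(sumRelation(), {{"0", "x"}, {"1", "x"}, {"2", "y"}}, {"x", "y"});
}

int main() {
    for (const Tuple& s : doubling())
        std::cout << "x=" << s.at("x") << " y=" << s.at("y") << "\n";   // (0,0) (1,2) (2,4)
}
```

Over $D = \{0, \ldots, 4\}$ the quotient contains exactly the three tuples with $s_y = 2 s_x$; the tuples of sum whose first two components differ contribute nothing, because no $g$ can map the single name $x$ to two different values.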



3 Semantics for first-order predicate logic 



Conventional semantics is primarily concerned with the justification of inference 
systems. The use of predicate logic for the definition of functions or relations is 
secondary, if considered at all. As a result, conventional semantics centres around 
the concept of satisfaction: under what conditions is a formula satisfied by a given 
interpretation of the relation symbols and constants under a given assignment 
of individuals to the variables. Because of the emphasis on satisfaction, we refer 
to this kind of semantics as satisfaction semantics. Compositional semantics, in 
contrast with satisfaction semantics, defines the meaning of a complex term or 
formula as a composition of the meanings of the constituent terms or formulas. 

3.1 Satisfaction semantics 

Our language of logical formulas is determined by a set V of variables, a set F
of function symbols, and a set R of relation symbols. The role of constant symbols
is played by 0-ary function symbols.

To avoid lexical details we give the syntax in an abstract form. 

A term is a variable, a constant symbol, or an expression consisting of a $k$-ary
function symbol and a tuple of $k$ terms.

An atom (or atomic formula) is an expression consisting of a $k$-ary relation
symbol and a tuple of $k$ terms.

A conjunction is a formula consisting of a set of formulas. 

An existential quantification is a formula consisting of a variable and a for- 
mula. 

A negation is a pair consisting of a formula and an indication that the pair 
is a negation. 

An interpretation $M$ for the language consists of a set $D$ called the universe
of discourse (with elements called individuals) of the interpretation, a function
that maps every $n$-ary function symbol in $F$ to a function of type $D^n \to D$, and
a function that maps every $n$-ary relation symbol in $R$ to a subset $M(p)$ of $D^n$.

The interpretation M is extended to assign the meaning M(t) to every 
variable-free term t and extended to determine whether a variable-free formula 
is true. 

We first define the meaning of variable-free terms and atoms.

— $M(f(t_0, \ldots, t_{n-1})) = (M(f))(M(t_0), \ldots, M(t_{n-1}))$.

— A variable-free atom $p(t_0, \ldots, t_{k-1})$ is satisfied by an interpretation $M$ iff
$(M(t_0), \ldots, M(t_{k-1})) \in M(p)$.

— A conjunction $\{F_0, \ldots, F_{n-1}\}$ of variable-free formulas is satisfied by $M$ iff
$F_i$ is satisfied by $M$, for all $i \in \{0, \ldots, n-1\}$.

— A variable-free formula that is the negation of $F$ is satisfied by $M$ iff $F$ is
not satisfied by $M$.



We now consider meanings of formulas that contain variables. Let $A$ be an
assignment, which is a function in $V \to D$, assigning an individual in $D$ to every
variable. In other words, $A$ is a tuple of elements of $D$ indexed by $V$. As meanings
of terms with variables depend on $A$, we write $M_A$ for the function mapping a
term to a domain element. $M_A$ is defined as follows.

— $M_A(t) = A(t)$ if $t$ is a variable

— $M_A(c) = M(c)$ if $c$ is a constant

— $M_A(f(t_0, \ldots, t_{n-1})) = (M(f))(M_A(t_0), \ldots, M_A(t_{n-1}))$.

— $p(t_0, \ldots, t_{k-1})$ is satisfied by $M$ with $A$ iff
$(M_A(t_0), \ldots, M_A(t_{k-1})) \in M(p)$

Now that satisfaction of atoms is defined, we can continue with:

— $\{F_0, \ldots, F_{n-1}\}$ is satisfied by $M$ with $A$ iff the formulas $F_i$ are satisfied by
$M$ with $A$, for all $i = 0, \ldots, n-1$.

— If $F$ is a formula, then $\exists x.F$ is satisfied by $M$ and $A$ iff there is a $d \in D$
such that $F$ is satisfied by $M$ with $A_{x|d}$, where $A_{x|d}$ is an assignment that
maps $x$ to $d$ and maps the other variables according to $A$.

— $\neg F$ is satisfied by $M$ with $A$ iff formula $F$ is not thus satisfied.

The meaning of formulas containing disjunction, implication, or existential quan-
tification is obtained by eliminating these according to the usual rules.



3.2 Compositional semantics for first-order predicate logic 

The conventional semantics for first-order predicate logic focuses on the condi- 
tions under which a sentence, that is, a variable-free formula, is satisfied by an 
interpretation for constants, function symbols, and relation symbols. Yet terms 
with variables and formulas with free variables are potentially definitions of new 
functions and relations defined in terms of existing ones. 

Definition 3. Let $t$ be a term with set $V$ of variables, and let $M$ be an inter-
pretation for the theory in which the term occurs. $M(t)$ is a function of type
$(V \to D) \to D$ that maps $A \in (V \to D)$ to $M_A(t)$.

Example $t = x^2 + 2y^2 + 3z^2$, $V = \{x,y,z\}$, $D = \mathbb{R}$, $M(t)$ is the function with
map

$(A \in (\{x,y,z\} \to \mathbb{R})) \mapsto (M_A(t) \in \mathbb{R})$,

e.g. $M(t)$ applied to the assignment

    A :  x   y   z
         3   2   1

gives $3^2 + 2 \cdot 2^2 + 3 \cdot 1^2 = 20$.



Following Cartwright [2]:

Definition 4. Let $V$ be the set of the free variables in the formula $p(t_0, \ldots, t_{n-1})$.
We extend $M$ to atomic formulas containing variables by defining $M(p(t_0, \ldots, t_{n-1}))$
to be

$\{A \in V \to D \mid (M_A(t_0), \ldots, M_A(t_{n-1})) \in M(p)\}$.



According to this definition, a closed formula denotes a relation consisting of 
tuples of length 0. As there is only one such tuple, there are only two such 
relations, each of which is identified with one of the two truth values. With 
this understanding, the following definition generalizes the conventional one for 
logical implication. 

Definition 5. Let formulas $\varphi_0$ and $\varphi_1$ have the same set of free variables and
admit of the same interpretations. We define $\varphi_0 \models \varphi_1$ to mean that $M(\varphi_0) \subseteq
M(\varphi_1)$ for all interpretations $M$.

In the previous section we used the conventional semantics, which determines
under what conditions a sentence is satisfied by an interpretation for the relation
symbols and constants, to define a semantics that extends the meaning function
$M$ from relation symbols to atomic formulas with free variables. According
to this extended semantics every atomic formula with set $V$ of free variables
denotes a relation of type $V \to D$.

For a semantics to be compositional it is necessary that the meaning of a
composite formula is a composition of the relations that are the meanings of its
constituent formulas. Accordingly we define in this section the compositional se-
mantics of conjunctions, negations and existentially quantified formulas in terms
of the relations denoted by their constituent formulas. And although we have
already given, in Definition 4, a relational semantics for an atomic formula that
may have free variables, this semantics is not compositional. For this it is nec-
essary that we specify what operation on $M(p)$ gives the $M(p(t_0, \ldots, t_{n-1}))$ of
Definition 4.

Theorem 1. If $t_0, \ldots, t_{n-1}$ are variables, then we have $M(p(t_0, \ldots, t_{n-1})) =
M(p)/(t_0, \ldots, t_{n-1})$.

Proof. Let $A$ be such that $a = A|V$.
$a$ in the left-hand side (Definition 4) iff
$p(t_0, \ldots, t_{n-1})$ is satisfied by $M$ with $A$ iff (use satisfaction)
$(a(t_0), \ldots, a(t_{n-1})) \in M(p)$ iff (use $f = a \circ t$)
$(f_0, \ldots, f_{n-1}) \in M(p)$ iff (use definition of $/$ (quotient))
$a \in M(p)/(t_0, \ldots, t_{n-1})$.

Example

$M(sum(x,x,y)) = \{s \in \{x,y\} \to \mathbb{R} \mid 2 s_x = s_y\}$
$= \{t \in \{0,1,2\} \to \mathbb{R} \mid t_0 + t_1 = t_2\}/(x,x,y)$
$= M(sum)/(x,x,y)$

The first equality arises by Definition 4. The second equality arises by Defini-
tion 2. The third equality arises by the meaning of sum in the assumed interpre-
tation of the relation symbol.

Theorem 2. For any formulas $\varphi_0, \ldots, \varphi_{k-1}$ we have

$M(\varphi_0 \wedge \cdots \wedge \varphi_{k-1}) = M(\varphi_0) \bowtie \cdots \bowtie M(\varphi_{k-1})$

Theorem 3. Let $\varphi$ be a formula with $V$ as its set of free variables, and $W =
\{w_0, \ldots, w_{k-1}\}$ be a subset of $V$. Then we have

$M(\exists w_0 \ldots w_{k-1}.\varphi) = \pi_{V \setminus W}(M(\varphi))$

Theorem 4. Let $\varphi$ be a formula with $V$ as set of free variables. Then $M(\neg\varphi)$
is the complement in $V \to D$ of $M(\varphi)$.



4 Extensions of theories 



Most subroutines call subroutines. This means that much of a programmer's 
activity consists of defining a new subroutine in terms of existing ones. What a 
programmer should look for in logic is the possibility of defining new functions 
and relations in terms of existing ones. In this section we use the compositional 
semantics developed earlier as the basis of such a definition mechanism. 



Definition of functions Let $t$ be a term with $V$ as set of variables. It can be a
complex term, deeply nested, with many occurrences of function symbols. Its
subterms can share variables in intricate patterns. This richness of expression
makes it attractive for a programmer to encapsulate such a complex term by
making its denotation the interpretation of a new function symbol $f$. A candidate
for the interpretation of such an $f$ is $M(t)$.

But suppose that we interpret $f$ by $M(t)$; how do we then interpret the
term $f(t_0, \ldots, t_{n-1})$ when the interpretation gives $a_0, \ldots, a_{n-1} \in D$ as values
for $t_0, \ldots, t_{n-1}$? How do the $n$ individuals $a_0, \ldots, a_{n-1}$ find their way to the
corresponding $n$ variables in $t$? The difficulty here is that $M(t)$ is a
function of type $(V \to D) \to D$, whereas $f$ needs to be interpreted by a function
of type $(\{0, \ldots, n-1\} \to D) \to D$. The difficulty is resolved in the following
definition.



Definition 6. Let $T$ be a theory of first-order predicate logic not containing a
function symbol $f$. Let $M$ be an interpretation for $T$ and let $t$ with set $V$ of
variables be a term of $T$. The extension of $T$ by $f$ is a theory $T'$ with function
symbol $f$ and otherwise identical to $T$. The extension of $M$ by $f$ and $t$ is an
interpretation $M'$ that is identical to $M$ except that $M'$ assigns to $f$ the function
of type $(\{0, \ldots, n-1\} \to D) \to D$ with map $(a_0, \ldots, a_{n-1}) \mapsto M_A(t)$ (footnote 1)
where

$A = (a_0, \ldots, a_{n-1}) \circ (x_0, \ldots, x_{n-1})^{-1}$

and $(x_0, \ldots, x_{n-1})$ (see footnote 2) is some enumeration of $V$.

1 See Section 3.1 for the meaning of $M_A(t)$.

2 This tuple is a function of type $\{0, \ldots, n-1\} \to V$. The inverse $(x_0, \ldots, x_{n-1})^{-1}$
exists because all variables in the tuple are different.



Example $t = x^2 + 2y^2 + 3z^2$, $V = \{x,y,z\}$, $D = \mathbb{R}$.

With $A = (3,2,1) \circ (x,y,z)^{-1} =$

    A :  x   y   z
         3   2   1

$\in \{x,y,z\} \to \mathbb{R}$ we get $f(3,2,1) = M'_A(t) = 3^2 + 2 \cdot 2^2 + 3 \cdot 1^2 = 20$.

With a different enumeration of the variables we get a different function. E.g.
with $A = (3,2,1) \circ (y,z,x)^{-1} =$

    A :  x   y   z
         1   3   2

$\in \{x,y,z\} \to \mathbb{R}$ we get $f(3,2,1) = M'_A(t) = 1^2 + 2 \cdot 3^2 + 3 \cdot 2^2 = 31$.



Definition 6 is a semantic one, so has no commitment to any particular syntax.
Syntax for the definition is only of secondary concern in this paper. However, we
do want to remark here that specifying the extensions to $T$ and $M$ by writing

$f \stackrel{\mathrm{def}}{=} \lambda(x_0, \ldots, x_{n-1}).\ t$    (1)

carries the necessary information. The use of lambda suggests the intent of the
definition that to evaluate $f(t_0, \ldots, t_{n-1})$ one has to pair the $x_i$ in $t$ with the
values of the $t_i$. However, this has no formal connection to lambda calculus: the
meaning of (1) is determined by the interpretation for $f$ specified in Definition 6.

Iterated extensions of interpretations for new function symbols When an inter- 
pretation has been extended by new function symbols, one can repeat a similar 
process where new function symbols are defined in terms of the function symbols 
that have already been introduced. This is natural from a programming point 
of view: a function subroutine often contains calls to subroutines defined in the 
same program. 

We therefore define the iterated extension of order $n$ for $n = 0, 1, 2, \ldots$

— The iterated extension of order 0 is the extension according to Definition 6.

— The iterated extension of order $n > 0$ is the extension according to Defini-
tion 6 when the interpretation $M$ has incorporated all iterated extensions of
orders $0, \ldots, n-1$.

Definition of relations Let F be a formula with V as set of free variables. Then 
M(F) is a relation of type V — > D. F can be a formula with quantifications 
nested arbitrarily deeply, with many relation and function symbols. Such com- 
plexity, together with intricate patterns of shared variables within the same 
scope give the programmer a powerfully expressive tool for the definition of new 
relations out of existing ones. 

However, a new relation symbol $p$ needs to be interpreted by a relation of
type $\{0, \ldots, n-1\} \to D$, where $n$ is the number of free variables in $F$. Theorem 1
suggests how to resolve the type mismatch.

Definition 7. Let $T$ be a theory of first-order predicate logic not containing the
relation symbol $p$. Let $M$ be an interpretation for $T$ and let $F$ be a formula of
$T$. The extension of $T$ by $p$ is a theory $T'$ with relation symbol $p$ and otherwise
identical to $T$. The extension of $M$ by $p$ and $F$ is an interpretation $M'$ that
is identical to $M$ except that $M'$ assigns to $p$ the relation $M(F)/(x_0, \ldots, x_{n-1})$
where $(x_0, \ldots, x_{n-1})$ is some enumeration of the variables in $F$.

Definition 7 is a semantic one, so has no commitment to any particular syn-
tax. Syntax for the definition is only of secondary concern in this paper. However,
we do want to remark here that specifying the extensions to $T$ and $M$ by writing

$p \stackrel{\mathrm{def}}{=} \lambda(x_0, \ldots, x_{n-1}).\ F$    (2)

carries the necessary information. The use of lambda suggests the intent of the
definition that to determine the truth value of $p(y_0, \ldots, y_{n-1})$ one has to pair the
$x_i$ with the $M(y_i)$. However, this has no formal connection to lambda calculus:
the meaning of (2) is determined by $M(F)/(x_0, \ldots, x_{n-1})$ being the interpreta-
tion for $p$.

Example Let $M(sum) = \{h \in \{0,1,2\} \to \mathbb{R} \mid h_0 + h_1 = h_2\}$, $V = \{x,y\}$, and
$F = sum(x,x,y)$. With $p \stackrel{\mathrm{def}}{=} \lambda(x,y).\ F$ and $q \stackrel{\mathrm{def}}{=} \lambda(y,x).\ F$ we get e.g.
$p(6,3)$ iff $(M(sum(x,x,y))/(x,y))(6,3)$ iff $M(sum(6,6,3))$ iff false
$q(6,3)$ iff $(M(sum(x,x,y))/(y,x))(6,3)$ iff $M(sum(3,3,6))$ iff true
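The two worked examples of this section, the function $f$ obtained from $t = x^2 + 2y^2 + 3z^2$ under the enumerations $(x,y,z)$ and $(y,z,x)$ (Definition 6) and the relations $p$ and $q$ obtained from $F = sum(x,x,y)$ under the enumerations $(x,y)$ and $(y,x)$ (Definition 7), as one added C++ example that is not the paper's code. A term or formula is represented by its evaluation $M_A$ on an assignment, and an enumeration of the variables pairs the $i$-th argument with the $i$-th variable, which is exactly the composition $A = (a_0, \ldots, a_{n-1}) \circ (x_0, \ldots, x_{n-1})^{-1}$. The names Term, Formula, extendByFunction and extendByRelation, and the use of double for the reals, are assumptions of this example.

```cpp
// Added example (not from the paper): extension of an interpretation by a new
// function symbol (Definition 6) and by a new relation symbol (Definition 7),
// both driven by an enumeration of the variables of the defining term/formula.
#include <functional>
#include <iostream>
#include <map>
#include <string>
#include <vector>

using Assignment = std::map<std::string, double>;         // A : V -> D, with D the reals
using Term = std::function<double(const Assignment&)>;     // M(t) : (V -> D) -> D
using Formula = std::function<bool(const Assignment&)>;    // satisfaction of F by M with A

// Constructed term t = x^2 + 2y^2 + 3z^2 from the paper's example.
const Term t = [](const Assignment& A) {
    double x = A.at("x"), y = A.at("y"), z = A.at("z");
    return x * x + 2 * y * y + 3 * z * z;
};

// Build A = (a0,...,an-1) o (x0,...,xn-1)^-1: the i-th argument goes to the i-th variable.
Assignment pairUp(const std::vector<std::string>& enumeration, const std::vector<double>& args) {
    Assignment A;
    for (size_t i = 0; i < enumeration.size(); ++i) A[enumeration[i]] = args.at(i);
    return A;
}

// Definition 6: f(a0,...,an-1) = M_A(t) for the assignment A built from the enumeration.
std::function<double(const std::vector<double>&)>
extendByFunction(const Term& term, const std::vector<std::string>& enumeration) {
    return [term, enumeration](const std::vector<double>& args) {
        return term(pairUp(enumeration, args));
    };
}

// Constructed interpretation M(sum) = {h | h0 + h1 = h2}.
bool sumHolds(double a, double b, double c) { return a + b == c; }

// F = sum(x, x, y), the formula of the Definition 7 example.
const Formula F = [](const Assignment& A) {
    return sumHolds(A.at("x"), A.at("x"), A.at("y"));
};

// Definition 7 (via Theorem 1): p(a0,...,an-1) holds iff the assignment pairing the
// enumeration with the arguments satisfies F, i.e. lies in M(F)/(x0,...,xn-1).
std::function<bool(const std::vector<double>&)>
extendByRelation(const Formula& formula, const std::vector<std::string>& enumeration) {
    return [formula, enumeration](const std::vector<double>& args) {
        return formula(pairUp(enumeration, args));
    };
}

// The paper's two enumerations of t's variables give two different functions f.
double fxyz(double a, double b, double c) { return extendByFunction(t, {"x", "y", "z"})({a, b, c}); }
double fyzx(double a, double b, double c) { return extendByFunction(t, {"y", "z", "x"})({a, b, c}); }
// ... and the two enumerations of F's variables give the relations p and q.
bool p(double a, double b) { return extendByRelation(F, {"x", "y"})({a, b}); }
bool q(double a, double b) { return extendByRelation(F, {"y", "x"})({a, b}); }

int main() {
    std::cout << "f(3,2,1) with (x,y,z): " << fxyz(3, 2, 1) << "\n";   // 20
    std::cout << "f(3,2,1) with (y,z,x): " << fyzx(3, 2, 1) << "\n";   // 31
    std::cout << "p(6,3): " << p(6, 3) << "  q(6,3): " << q(6, 3) << "\n";
}
```

The same term and the same formula yield different symbols purely through the enumeration, which is the point of Definitions 6 and 7: the syntax $\lambda(x_0, \ldots, x_{n-1})$ in (1) and (2) records nothing but this pairing.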

5 Recursively defined extensions

So far we have assumed that the introduced function or relation symbol does not 
occur in the defining term or formula. If we allow the introduced function symbol 
to occur in the defining term we allow the possibility of the resulting function to 
be partial. As we stay within classical first-order predicate logic, where functions 
are total, we impose the restriction that the definiendum cannot occur in the 
definiens. 

However, in first-order logic, relation symbols are interpreted by relations. As 
the interpretation of $p$ with $n$ arguments can be any subset of $\{0, \ldots, n-1\} \to D$,
including the empty subset, no such obstacle exists for the definition of new 
relation symbols. In this section we consider the case where the definition is 
recursive in the sense of the defining formulas containing new relation symbols. 

Because of the absence of recursive definitions of new functions we can sup- 
pose all new function symbols introduced by extensions of all orders to have 
been replaced by their definition before considering the semantics of the recur- 
sive definitions of the relations. This is only necessary for theoretical purposes; 
in practice one leaves the function definitions in place to have the advantage of 
a compact theory. 

Definition 8. Among interpretation extensions with fixed function interpreta-
tions, an interpretation $M$ is included in $M'$ iff $M(p) \subseteq M'(p)$ for all new
relation symbols $p$. A mapping $T$ from the set of interpretations to itself is said
to be monotonic iff $M$ is included in $M'$ implies that $T(M)$ is included in $T(M')$,
where $M$ and $M'$ have the same interpretation for their function symbols.

Thus we find that the desire to stay within first-order predicate logic sug- 
gests unrestricted definitions of new relations based on a fixed repertoire of given 



relations and given functions. The use of logic proposed here has not proposed 
any inference system. Yet we find something in common with logic program- 
ming, where only relations are defined by the program and the function symbols 
have fixed interpretations. A difference is that logic programming also fixes the 
universe of discourse to be the Herbrand universe. Here the fixed interpreta- 
tions for function symbols are freely chosen functions over arbitrary universes of 
discourse. 

We consider simultaneous definitions $p_i \stackrel{\mathrm{def}}{=} \lambda(x_{i,0}, \ldots, x_{i,m_i-1}).\ F_i$. How to
extend a given theory with these relation symbols? According to Definition 7
the extended interpretation assigns to the new relation symbols $p_0, \ldots, p_{n-1}$ the
relations $M(p_0), \ldots, M(p_{n-1})$ that satisfy the equations

$M(p_0) = M(F_0)/(x_{0,0}, \ldots, x_{0,m_0-1})$
$\vdots$    (3)
$M(p_{n-1}) = M(F_{n-1})/(x_{n-1,0}, \ldots, x_{n-1,m_{n-1}-1})$

The variables are local to each of the right-hand sides separately. One can see
this by observing that a systematic renaming of the variables in a right-hand
side does not change the meaning of that expression.

In general we cannot say anything about existence and uniqueness of solu- 
tions. Let us consider one example of a condition on $F_0, \ldots, F_{n-1}$ that ensures
a unique solution: that these formulas are existentially quantified conjunctions 
of atomic formulas with the right sets of free variables. When such formulas are 
translated to clausal form they are right-hand sides of Horn clauses. Let us call 
such formulas "Horn formulas" , even though they do not represent Horn clauses 
in their most general form. 

Theorem 5. The equations in (3) have a unique least solution if $F_0, \ldots, F_{n-1}$
are Horn formulas.

Proof. Because the formulas in Equation (3) are Horn formulas, the right-hand
sides in (3) constitute a monotonic mapping on the set of interpretations with
fixed function interpretations. The monotonicity implies that (3) has a unique
least solution.

Example: Euclid's algorithm in a Euclidean domain
The logical theory has constants zero and unit, binary function symbols $+$
and $*$, and binary relation symbol $<$. We extend the theory by the definition
$gcd \stackrel{\mathrm{def}}{=} \lambda(x,y,z).\ F_0$ where $F_0$ is the Horn formula

$gcd(x,y,z) \leftarrow x < y \wedge gcd(x, y-x, z)\ \wedge$

$gcd(x,y,z) \leftarrow y < x \wedge gcd(x-y, y, z)\ \wedge$    (4)

$gcd(x,y,z) \leftarrow y = x \wedge z = x$

where we write $A \leftarrow B$ for $A \vee \neg B$. The meaning of gcd is given as the least
solution of (3) where $n = 1$, $p_0$ is gcd and $\{x_{0,0}, \ldots, x_{0,m_0-1}\}$ is $\{x,y,z\}$.
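The least solution of (4) that Theorem 5 guarantees, computed as an added C++ example (not from the paper) by iterating the monotonic mapping from the proof over a constructed finite universe $\{1, \ldots, N\}$ of natural numbers, one of the Euclidean domains the paper names. Starting from the empty relation, the least interpretation under the inclusion of Definition 8, the right-hand side of (3) is reapplied until the relation stops growing; because the mapping is monotonic the chain only ascends, and on a finite universe it must stabilise. The bound N and all names are assumptions of this example.

```cpp
// Added example (not from the paper): least solution of the Horn formula (4) for gcd
// by fixpoint iteration of its right-hand side over the finite universe {1,...,N}.
#include <iostream>
#include <set>
#include <tuple>

using Triple = std::tuple<int, int, int>;
using GcdRelation = std::set<Triple>;

// One application of the right-hand side of (3) with p0 = gcd: given the current
// interpretation R of gcd, collect the (x,y,z) for which some clause body of (4) holds.
GcdRelation step(const GcdRelation& R, int N) {
    GcdRelation next;
    for (int x = 1; x <= N; ++x)
        for (int y = 1; y <= N; ++y)
            for (int z = 1; z <= N; ++z) {
                bool holds =
                    (x < y && R.count(Triple{x, y - x, z}) > 0) ||   // x<y & gcd(x, y-x, z)
                    (y < x && R.count(Triple{x - y, y, z}) > 0) ||   // y<x & gcd(x-y, y, z)
                    (y == x && z == x);                              // y=x & z=x
                if (holds) next.insert(Triple{x, y, z});
            }
    return next;
}

// Least solution: begin with the empty relation and apply step until it no longer
// changes. Monotonicity (Definition 8) guarantees R only grows between rounds.
GcdRelation leastSolution(int N) {
    GcdRelation R;
    for (;;) {
        GcdRelation next = step(R, N);
        if (next == R) return R;       // fixpoint reached: R = M(F0)/(x,y,z)
        R = next;
    }
}

// Query the computed interpretation of gcd.
bool gcdHolds(const GcdRelation& R, int x, int y, int z) { return R.count(Triple{x, y, z}) > 0; }

int main() {
    GcdRelation R = leastSolution(20);
    std::cout << "gcd(12,18,6): " << gcdHolds(R, 12, 18, 6) << "\n";   // 1
    std::cout << "gcd(12,18,3): " << gcdHolds(R, 12, 18, 3) << "\n";   // 0
    std::cout << "tuples in the least solution: " << R.size() << "\n";  // 400
}
```

For $N = 20$ the least solution has exactly one $z$ for each of the 400 pairs $(x,y)$: the only base clause is $y = x \wedge z = x$, and both recursive clauses pass $z$ through unchanged, so the relation is the graph of the subtractive Euclidean algorithm and nothing more.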



6 Implementation of interpretations 



So far all we have done is to evaluate logic on its merits as a programming 
language. This would be futile without a way to use a computer to obtain results 
that are verified by a logic theory. In this section we describe a method for this 
purpose. 

Our starting point is the way a logical theory is used to define an abstract 
mathematical concept. Take for example the concept of group. Whether a struc- 
ture is a group is determined by the group axioms, which are formalized as 
a theory of logic. The criterion is whether the structure, regarded as an in- 
terpretation, makes the theory a true sentence. Many different structures are 
groups according to this criterion. Many computer applications can be analyzed 
in terms of mathematical structures: numbers of various kinds, strings, n-ary 
relations, vectors, matrices, graphs, partially-ordered sets, . . . Axiomatizations 
of these structures have been expressed as logical theories or are candidates for 
such treatment. The values to be computed appear as values of functions or as 
arguments to relations. These functions and relations occur in a logical theory 
or, more likely, as extensions defined in the way described in this paper. 

One way of combining logic and a computer application is to arrange the 
operations of the computer in such a way that they can be interpreted as in- 
ferences from an axiomatic theory. This is what is done in logic programming, 
where resolution is the inference rule. In this paper we propose a different way. 
We do not use an inference system. We use the fact that a given theory can be 
satisfied by two different interpretations, say, A and B. A is the familiar mathe- 
matical structure. B a program in a conventional programming language that is 
compiled and executed in the conventional way. If B is also sufficiently similar 
to an interpretation of the theory and if this interpretation satisfies the theory, 
then we can say that A is a specification of B and that B is verified with respect 
to A. If B is written in a language like C++, then there is the possibility that it
makes optimal use of the computer's hardware. 

Consider the mathematical concept of a Euclidean domain. The structure
is axiomatized as having as functions commutative addition, subtraction and
commutative multiplication with multiplication distributing over addition. It
contains 0 as the neutral element for addition and 1 as the neutral element for
multiplication. The integers are an example of a structure that satisfies the Eu-
clidean domain axioms. As another example of such a structure consider the set
of bit patterns stored in computer memory and operations on them implemented
by hardware instructions or software programs.

In so far as the resulting structure satisfies the Euclidean domain ax- 
ioms, these instructions and programs are verified as being a correct im- 
plementation of a Euclidean domain. 

This fact is the basis of the method of using logic for programming that we pro- 
pose in this paper. It remains to find a convenient way of tying together subrou- 
tines and a type that can be regarded as an interpretation that can be examined 
whether it satisfies the intended theory. The class mechanism of C++ offers a 
reasonably convenient way of assembling types and subroutines to be regarded 
as an interpretation for a theory of logic. 

We present the class listed below as an interpretation for the axioms for a 
Euclidean domain extended with the definition of the three-argument relation 
gcd. Ideally one should be able to translate the Horn formula (|4]) to the code 

    bool gcd(x, y, z){ 
        if (x<y && gcd(x, y-x, z)) return true; 
        if (y<x && gcd(x-y, y, z)) return true; 
        z = x; return true; 
    } 

In actual fact we needed to clutter up this definition as shown in the listing be- 
low. The listing implements one specific Euclidean domain: that of the natural 
numbers modulo 65521. It has the property that the class is an exact interpreta- 
tion of the axioms: no approximations are made, nor is the correctness vitiated 
by the possibility of overflow. The bit patterns in the computer (little-endian 
two's complement integers) are one of the many universes of discourse for inter- 
pretations satisfying the axioms for Euclidean domains. 


    class ED{ // ED: Euclidean Domain 
        int val; const static int mod = 65521; 
        // class invariant: 0 <= val < mod 
    public: 
        ED(): val(0) {} 
        ED(int val): val(val) { 
            // reduce into [0, mod); the outer % covers the case (-val) % mod == 0 
            if (val < 0) this->val = (mod - (-val) % mod) % mod; 
            else this->val %= mod; } 
        static ED zero() { return ED(0); } 
        static ED unit() { return ED(1); } 
        friend ED operator+ (const ED& x, const ED& y) 
            { return ED(x.val + y.val); } 
        friend ED operator- (const ED& x, const ED& y) 
            { return ED(x.val - y.val); } 
        friend ED operator* (const ED& x, const ED& y) 
            // widen to 64 bits before multiplying: 65520 * 65520 does not fit in a 32-bit int 
            { return ED(static_cast<int>(static_cast<long long>(x.val) * y.val % mod)); } 
        friend bool operator< (const ED& x, const ED& y) 
            { return x.val < y.val; } 
        static bool gcd(const ED& x, const ED& y, ED& z){ 
            if (x<y && gcd(x, y - x, z)) return true; 
            if (y<x && gcd(x - y, y, z)) return true; 
            z = x; return true; 
        } 
    }; 

    int main() { ED c; ED::gcd(ED(48), ED(36), c); } 

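The paper says the class is verified as an implementation of a Euclidean domain "in so far as the resulting structure satisfies the Euclidean domain axioms", but it does not show how one would actually examine the class for that property. The following is an added example, not code from the paper: a class in the style of ED (the modulus 65521, the `value()` accessor, the 64-bit widening in the constructor and in multiplication, and the checker functions are this example's own choices), together with a checker that evaluates each axiom listed in the text on every pair and triple of a sample that deliberately includes the wrap-around values 0, 1, mod-1 and inputs whose product would overflow a 32-bit int. It goes slightly beyond the text by also checking that subtraction inverts addition, which is what "subtraction" means in a ring. 

```cpp
#include <climits>
#include <cstdio>
#include <vector>

// Added example: a Euclidean-domain class modelled on the paper's ED, with
// an accessor and widened arithmetic so that it can be checked mechanically.
class ED {
    int val;
    static const int mod = 65521;   // prime, so Z/65521 is a field
    // class invariant: 0 <= val < mod
public:
    ED() : val(0) {}
    ED(long long v) {
        // reduce any integer into [0, mod); the outer % handles (-v) % mod == 0
        if (v < 0) val = static_cast<int>((mod - (-v) % mod) % mod);
        else       val = static_cast<int>(v % mod);
    }
    static ED zero() { return ED(0); }
    static ED unit() { return ED(1); }
    int value() const { return val; }   // assumed accessor, not in the paper's class
    friend ED operator+(const ED& x, const ED& y) { return ED(static_cast<long long>(x.val) + y.val); }
    friend ED operator-(const ED& x, const ED& y) { return ED(static_cast<long long>(x.val) - y.val); }
    friend ED operator*(const ED& x, const ED& y) { return ED(static_cast<long long>(x.val) * y.val); }
    friend bool operator<(const ED& x, const ED& y) { return x.val < y.val; }
    friend bool operator==(const ED& x, const ED& y) { return x.val == y.val; }
    // The paper's three-argument gcd relation: subtraction-based Euclid.
    static bool gcd(const ED& x, const ED& y, ED& z) {
        if (x < y && gcd(x, y - x, z)) return true;
        if (y < x && gcd(x - y, y, z)) return true;
        z = x; return true;
    }
};

// Evaluate every listed axiom on every pair/triple drawn from 'sample'.
// Returns the number of failing instances; 0 means the sample produced no
// counterexample (a test of the interpretation, not a proof).
int countAxiomFailures(const std::vector<ED>& sample) {
    int failures = 0;
    for (const ED& x : sample) {
        if (!(x + ED::zero() == x)) ++failures;   // 0 is neutral for +
        if (!(x * ED::unit() == x)) ++failures;   // 1 is neutral for *
        for (const ED& y : sample) {
            if (!(x + y == y + x)) ++failures;    // + is commutative
            if (!(x * y == y * x)) ++failures;    // * is commutative
            if (!((x - y) + y == x)) ++failures;  // subtraction inverts addition
            for (const ED& z : sample)
                if (!(x * (y + z) == x * y + x * z)) ++failures;  // distributivity
        }
    }
    return failures;
}

// Constructed sample: boundary values of the invariant, negative and
// out-of-range constructor arguments, and the paper's own gcd inputs.
std::vector<ED> edgeSample() {
    return { ED(0), ED(1), ED(2), ED(65520), ED(65519), ED(48), ED(36), ED(-1), ED(65521) };
}

// True when a*b does not fit in a 32-bit int, i.e. when an unwidened
// operator* would have overflowed before the reduction mod 65521.
bool productOverflowsInt(int a, int b) {
    long long p = static_cast<long long>(a) * b;
    return p > INT_MAX || p < INT_MIN;
}

// Run the gcd relation and return the computed third argument. Requires
// a, b >= 1: on a zero argument the subtraction-based recursion never ends.
int gcdValue(int a, int b) {
    ED z;
    ED::gcd(ED(a), ED(b), z);
    return z.value();
}

int main() {
    std::printf("axiom failures on sample: %d\n", countAxiomFailures(edgeSample()));
    std::printf("gcd(48, 36) = %d\n", gcdValue(48, 36));
    std::printf("65520 * 65520 overflows int: %s\n", productOverflowsInt(65520, 65520) ? "yes" : "no");
    std::printf("(65520 * 65520) mod 65521 = %d\n", (ED(65520) * ED(65520)).value());
    return 0;
}
```

The checker is finite and therefore only falsifies: a failure count above zero is a proof that the class is not an interpretation of the theory, while zero only says the sample found no counterexample. The overflow probe is the reason the multiplication is widened: with the paper's modulus, the product of two in-range values can exceed a 32-bit int, so an unwidened operator* would silently break the invariant on which the "exact interpretation" claim rests. 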


7 Conclusions 



In this paper we addressed the question of what first-order predicate logic, in its 
pristine form before there were computers, can do for programming. On the pos- 
itive side we see terms that range over a universe of discourse (corresponding to 
the values that program variables assume) , function symbols that have functions 
as interpretation (corresponding to side-effect free function subroutines), and re- 
lation symbols that have relations as interpretation (corresponding to side-effect 
free procedures). On the negative side are (1) no mechanism for defining new 
functions and relations on the basis of existing ones and (2) it is not clear how 
to get a computer to evaluate a term or determine the truth value of a formula. 
Both of these shortcomings have been met in this paper. 

As for problem (1), our analysis is that it is caused by the absence of compo- 
sitional semantics for logic. We corrected this deficiency by introducing a mech- 
anism for extending an existing theory with new function and relation symbols 
and its interpretation with the corresponding functions and relations. 

Our function definitions are not allowed to be recursive. This restriction 
is forced by the fact that function symbols are interpreted by total functions. 
Lifting this restriction has been the subject of much research, a sample of which 
is found in [5] . For us this is not a high priority, as the restriction is no obstacle 
to making definitions of new relation symbols recursive. 

This leaves us with a language in which the programmer can define new re- 
lations in mutual recursion on the basis of existing relations and a repertoire 
of total functions (some coming from the axiomatic theory, some programmer- 
defined according to the mechanism described in this paper) that is fixed in 
the context of the relational definitions. Logic programming is more restricted: 
the universe of discourse is the Herbrand universe, therefore entirely determined 
by the function symbols of the theory, and the same holds for their interpreta- 
tions. In our approach the universe of discourse can be any data type that is 
representable in a computer memory; the functions can be any total functions 
definable as first-order terms. 

The meaning of our recursive definitions of relation symbols is determined by 
a set of equations. We restrict ourselves to a simple special case in which these 
equations are known to have a unique least solution. We call the formulas of this 
special case "Horn formulas" as they correspond to a subset of the Horn clauses 
if translated to clausal form. 

Let us now consider problem (2), how to connect the logical theory and its 
extensions to a computer in a way that optimally uses its hardware, including 
its arithmetic. In logic programming, relations are defined by Horn clauses. The 
computer is used to carry out resolution inference to obtain a logical conse- 
quence of the definitions. In our method we use no inference. Instead we use 
the fact that a theory of logic is agnostic about its interpretations. According to 
our method we write a program that can be regarded as an interpretation for 
this same theory. Our counterpart of the elements of the Euclidean domain are 
two's complement little-endian bit patterns that behave according to some Intel 
manual. The fact that the program is also an interpretation of a theory that is 
satisfied by Euclidean domains verifies the program as a correct implementation 
of this abstract algebraic structure. 

To our knowledge no programming language exists that allows one to spec- 
ify an interpretation for a theory in first-order predicate logic. Our method is 
interesting because one can approach this ideal by writing in C++ a class with 
functions and relations that correspond closely enough to those of a Euclidean 
domain. We extend our theory by a three-place relation for gcd. 

The correspondence between the C++ definition of the algorithm and the 
logical formula extending the theory is far from perfect, but significant. That 
anything like this is possible at all is a marvel, considering that C++ started out 
as "C With Classes" [4] and has remained constrained by compatibility with C 
during its formative years. We rejected Java as a language for interpretations 
because of its reliance on heap storage allocation. Our hunch is that there are 
plenty of interesting algorithms that only need stack storage allocation, which is 
what we see exclusively in the listing in Section [B] 

The results in this paper suggest research both in logic and in programming 
languages. First-order predicate logic, as we have inherited it from the early 
twentieth century, is only suited for the formalization of small axiom systems. 
It works fine for a group. But it fails already for something as mundane as 
a Euclidean domain ("a ring with cancellation law and a valuation, where a 
ring is a commutative additive group as well as a multiplicative monoid" pQ). 
The mechanisms developed for programming languages may be helpful here. 
On the programming-language side C++ is an encouraging example. In spite of 
its having evolved under the constraint of compatibility with C, it seems the 
best existing vehicle for implementing interpretations of logic theories that run 
efficiently. A language for implementing interpretations of logic theories that is 
similar to C++ , but released from the constraint of compatibility with a primitive 
language, may be an advance in programming languages not seen since the main 
paradigms, exemplified by Fortran, Lisp, Algol, Simula, Prolog, Smalltalk, and 
ML, were all in place. 